#1027 [f39] fedora-container-toolbox: drop systemd
Merged 2 months ago by sgallagh. Opened 2 months ago by rishi.

file modified
+4 -1
@@ -82,7 +82,10 @@ 

  -shared-mime-info

  -sssd-client

  sudo

- systemd

+ # This is a weak dependency of systemd, we do not want

+ # this in the container; see

+ #  https://github.com/containers/toolbox/issues/1410

+ -systemd-resolved

  tar # https://bugzilla.redhat.com/show_bug.cgi?id=1409920

  tcpdump

  time
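Review bot: the removal at the `- systemd` line leaves no trace in the file of why systemd must stay out of the list, so a later edit could add it back. The new comment only covers `-systemd-resolved`; consider extending it to say that systemd is intentionally not listed and to name the symptom (a symlinked /etc/resolv.conf in the image) next to the issue link, so the reason is readable without following the URL. Minor style point: the URL comment line has two spaces after `#`, unlike the two comment lines above it.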

Since change 48e2c3b this kickstart
is pulling in systemd.

This was noticed because since
b5fc5fd started bringing in
weak-dependencies, we started installing systemd-resolved, which
created a symlinked /etc/resolv.conf in the image. Toolbox will not
currently reset this on container start, as it is a symlink (this
behaviour is a bit complicated; see [1]). This leads to an
incompatibility running the toolbox on non systemd-resolved hosts
(e.g. RHEL9); you are left with a dangling symlink and no
name-resolution in the toolbox.

We do not want systemd in the toolbox image by default; remove it
from the list. Exclude systemd-resolved specifically, so if something
else brings in systemd we still don't include this.

[1] https://github.com/containers/toolbox/issues/1410

rebased onto 531de62

2 months ago

Ping. Is there anything blocking this?

I keep coming across more and more new Toolbx users that hit this issue. @sgallagh and @iwienand have put together a rhel-developer-toolbox image that's layered on top of the fedora-toolbox image and designed for RHEL development. Many users of that image are on RHEL hosts, and hence encounter this problem.

Pull-Request has been merged by sgallagh

2 months ago

Here's a scratch build of the fedora-toolbox image from f39:
https://koji.fedoraproject.org/koji/taskinfo?taskID=115248168

From some initial testing, this pull request seems to have had the desired effect that /etc/resolv.conf is a regular file, not a symbolic link, inside the image:

$ skopeo copy docker-archive:Fedora-Container-Toolbox-f39-20240321.n.0.x86_64.tar.xz containers-storage:localhost/fedora-toolbox:39
$ toolbox create --image localhost/fedora-toolbox:39 fedora-toolbox-39-test
$ podman unshare /bin/bash
# CONTAINER_ROOT="$(podman container mount fedora-toolbox-39-test)"
# cd "$CONTAINER_ROOT"
# ls -l etc/resolv.conf 
-rw-r--r--. 1 bin bin 21 Mar 21 14:18 etc/resolv.conf

Earlier, it used to be a symbolic link (pointing at a non-existent target):

# ls -l etc/resolv.conf 
lrwxrwxrwx. 1 bin bin 39 Nov 28 08:50 etc/resolv.conf -> ../run/systemd/resolve/stub-resolv.conf
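
The manual `ls -l` check above can be turned into a repeatable test against a mounted image or container root. This is an added example, not part of the pull request or of Toolbx; the function names `classify_resolv_conf` and `require_regular_resolv_conf` are hypothetical.

```shell
#!/bin/sh
# Added example (not from the pull request): classify etc/resolv.conf
# inside a mounted image/container root such as $CONTAINER_ROOT above.
#
# classify_resolv_conf ROOT prints one of:
#   regular | symlink-dangling | symlink-resolves | other | missing
# Only the first hop of a symlink is resolved inside ROOT.
classify_resolv_conf() {
    root=${1%/}
    path="$root/etc/resolv.conf"

    if [ -L "$path" ]; then
        target=$(readlink "$path")
        case "$target" in
            # Absolute targets must be looked up inside the image root,
            # not on the host doing the inspection.
            /*) resolved="$root$target" ;;
            # Relative targets are relative to the link's directory.
            *)  resolved="$root/etc/$target" ;;
        esac
        if [ -e "$resolved" ]; then
            echo symlink-resolves
        else
            echo symlink-dangling
        fi
    elif [ -f "$path" ]; then
        echo regular
    elif [ -e "$path" ]; then
        echo other
    else
        echo missing
    fi
}

# Succeeds only when resolv.conf is a regular file, the state this
# pull request is meant to restore; any symlink is reported as a failure.
require_regular_resolv_conf() {
    state=$(classify_resolv_conf "$1")
    echo "${1%/}/etc/resolv.conf: $state"
    [ "$state" = regular ]
}
```

Inside `podman unshare`, after mounting the container as shown above, call `require_regular_resolv_conf "$CONTAINER_ROOT"` and treat a non-zero exit status as a regression.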